from the wac-that-mole dept

You may have heard recently that after switching many domains, a few weeks back ThePirateBay returned to its original thepiratebay.org domain. It's basically an ongoing game of wac-a-mole, where the entertainment industry freaks out and scares registrars into taking back whatever domain and TPB just moves on. It's unclear what good this does for anyone, but it keeps happening. And with the return to .org, it appears the entertainment industry has basically lots its mind. First, it had one of its lobbying front groups, the Copyright Alliance write a hellishly misleading post attacking Public Interest Registry (PIR), the organization that currently runs the .org top level domain.

It is shocking that a domain name registry in the United States – one that is dedicated to “the public interest” – is allowing a blatantly illegal site to have a home on the .org domain. This is especially disturbing given that the operators of The Pirate Bay have been found guilty of criminal copyright infringement, The Pirate Bay domain names have been seized or suspended around the globe, and even its co-founder, Peter Sunde, has walked away from it. Despite all this, The Pirate Bay seems to have found a sanctuary here in the United States by PIR.

As far as I can tell, there is no court ruling in the US that says any of the above is true. While it's true that a few former operators were found guilty, they served their time in prison and as far as I know, none are involved in the current site. And, as has been pointed out over and over again, the site is basically a search engine. Accusing it of "criminal infringement" makes no sense. Furthermore, while the Copyright Alliance fought hard to get SOPA passed, it failed. US law does not currently require registrars or registries to remove domains just because the Copyright Alliance or the RIAA dislike a site. Sorry: you didn't get the law you wanted, so don't pretend you did.

Torrenfreak further points out that while the Copyright Alliance points to PIR's abuse policy, it conveniently ignores that said policy does not apply to intellectual property disputes, which require actual due process.

Meanwhile, as the Copyright Alliance was whining publicly, the RIAA was sending a letter to PIR basically saying the same thing, and asking it to take down the .org domain. The letter lists other countries where various TPB domains have been blocked, and then notes:

With respect to the U.S, please remember that the infringing nature of The Pirate Bay has
been noted in each of the Notorious Market Reports issued by the USTR for the past several
years. Per the Google copyright transparency report, over 400,000 infringements have been
identified on www.thepiratebay.org, with over 50,000 since The Pirate Bay moved back to its
.org domain. This is in addition to the over 3,000,000 infringements identified on its previous
alter ego, www.thepiratebay.se. It is well known that The Pirate Bay does not take action in
response to notices. In addition, there have been numerous reports recently of malware and other
abuse occurring via The Pirate Bay at its various domains.

Of course, it's a bit weird to use Google's transparency report as part of its argument, since that just details accusations, rather than actual evidence of infringement (and, again, I don't know how many times this needs to be pointed out, but TPB doesn't host any content). And, again, the RIAA supported SOPA, but it lost. It should stop pretending it won.

PIR, in turn, forwarded the letter on to TPB's registrar, EasyDNS. EasyDNS then contacted TPB to discuss the possible policy violations, and got back reasonable answers that it was not actually in violation. On the question of copyright, TPB claimed that it now abides by the DMCA:

TPB is DMCA compliant and if TPB receive any DMCA complaints from
RIAA they will be investigated and removed if found to be valid. We
have not revived[sic] any DMCA complaints from RIAA at all so far this
year.

Some may point out that TPB, in the past, regularly ignored (or mocked) the DMCA, noting that as a non-US company, it was not subject to US laws. Whether or not TPB still ignores DMCA takedowns could, arguably, impact if it's abiding by registrar policies, but without a court weighing in, it's difficult to see how a registar should take the RIAA's word for it without more evidence.

The RIAA's letter also notes TPB distributing malware, and so EasyDNS asked about that as well, to see if it violated its terms of service, and again TPB insists that the RIAA is being misleading:

As with every site that are displaying 3rd party advertising trough
external ad-networks, sometime bad and corrupt ads slips by, it
happens to everyone, here is an example:

As soon as it is discovered/detected on TPB, the ads will be taken
down, or the entire ad-tag from where the malware comes, until the
issue is resolved. Usually with the help of google webmaster-tools
to track down the exact source of the malware.

It has happened twice during 2016, both times when adding new ad-
networks, They were taken down directly when detected.

Based on that, EasyDNS properly notes that it has no legitimate basis to takedown TPB's .org domain.

At this time we find no violation of our AUP. Absent either a specific
proceeding pursuant to our accreditation as a .ORG registrar or a legal
finding in a competent jurisdiction to the Province of Ontario, there is
nothing for us to do.

easyDNS will of course always: comply with our contractual obligations -
both to the registries we operate under and to our customers; comply
with the laws under which govern our jurisdiction (the Province of
Ontario, Canada) and enforce our own Acceptable Use Policy.

Thank you for bringing this matter to our attention.

In a blog post, EasyDNS President Mark Jeftovic explains the due process rationale here:

Our opinion in these matters continues unchanged. As a Registrar or as a DNS provider unless there is a clear violation of our AUP or net abuse (which we are competent to detect), taking action against domains based on content or at the behest of third-parties, regardless of their altruism or noble intentions, amounts to having us adjudicate international law. It's not reasonable to expect us to do that and you don't want your domain registrar doing that.

This is the key point. Whatever you believe about TPB -- and many people see it as being horribly illegal, obviously -- due process has to mean something. The RIAA and its friends should not just be able to point to something and say "illegal, kill it!" because they have a fairly long history of being totally wrong about such things. In the past, they've argued that nearly every innovation is illegal, from player pianos to radio to cable TV to the photocopier to the VCR to the DVR to the MP3 player and to YouTube. And over and over they've been wrong about those things. And that's why due process is important, and why it's good to see EasyDNS (and PIR) recognizing this.

Jeftovic, by the way, separately highlights that no one should think of EasyDNS as being "friendly" to bittorrent site operators, as he expects it won't be long until there will be sufficient due process to take down those sites:

We should also mention our Open Letter to Bit Torrent operators, wherein we predict a near-future where due process across borders catches up with technology and when that happens it will be relatively quick, easy and painless for a law enforcement agency in one country (i.e. Sweden) to have the requisite order issued in another country (like Canada, eh) and cause a domain that appears to be flagrantly violating copyright and freeriding on content creators efforts to be shut down.

Ahead of that day, if I were a filesharing site operator I'd be using my time wisely in concentrating my efforts on legitimizing my operations. This would include negotiating blanket licensing agreements with mechanical rights agencies.

In other words, contrary to what some will claim, this is not EasyDNS standing up for torrent sites. It's EasyDNS standing up for basic due process. You'd think that the Copyright Alliance and the RIAA would support due process, but apparently that's too difficult.

from the this-is-not-a-good-idea dept

Oh boy. Back in August of last year, EasyDNS announced that it was being sued in an Ontario small claims court for refusing to take down a website. The lawsuit was filed by a guy named Andy Lehrer, who was upset about another website that makes fun of Andy Lehrer (and may, possibly, include defamatory statements). Whether or not that site is defamatory is between Lehrer and whoever made the site (and, potentially, a court of law). Lehrer demanded EasyDNS take the site down, but the company (rightfully) pointed out that it would need a court order before doing so. But, instead, Lehrer went after EasyDNS in a lawsuit, naming it as a "co-defendent" and demanding $25,000 and injunctive relief (i.e., that the site be taken down).

In November, EasyDNS wrote about the case again, pointing out that it was seeking to get out of the case, because it shouldn't be considered liable for what a user did on his own site just because EasyDNS hosts it. Also, small claims court doesn't provide injunctive relief as a remedy anyway. In response, it appears that Lehrer has decided to amend his complaint against EasyDNS, specifically arguing that the company further damaged him by writing about the case. Seriously. From the lawsuit:

54) Further, the Defendant EasyDNS has, on August 22, 2014, November 13, 2014 and December 10, 2014, posted publicly about this lawsuit on http:/blog.easydns.org and directed people to the Defendant Rourke's content despite knowing that the Plaintiff views this content as defamatory. According to a chart posted on the Defendant EasyDNS's November 13, 2014 posting, the earlier blog entry of August 22 resulted in substantial increase in the number of individuals viewing the causepimps.ca website. The postings by EasyDNS constitute egregious and non-content neutral behaviour which is contrary to the EasyDNS's claim of "innocent dissemination" and deserves the censure of this court.

55) In addition, in reaction to the within proceeding, the Defendants easyDNS and Rourke have both published the statement of claim on their respective websites. In addition, Defendant EasyDNS has published the statement of claim on the online publishing platform Scribd. The Defendants have thus furthered the libels after being put on notice of the defamation. Their conduct is egregious, is deserving of the censure of this court including the imposition of punitive damages.

56) The Plaintiff pleads that the Defendants deliberately, intentionally or recklessly harmed and damaged the Plaintiff by publishing and distributing the defamatory words and that they acted with actual malice by either publishing and distributing the defamatory statements with the knowledge that the information was false or with reckless disregard of whether it was false or not.

Got that? Merely writing about the case apparently is a cause of new action, as is, apparently, posting the public document filed in the lawsuit. But that's absurd. Lehrer's entire lawsuit is premised on the idea that the content is obviously defamatory, but as EasyDNS pointed out to him, that's a matter for the courts to decide, not a hosting provider.

In the US, thankfully, things like Section 230 of the CDA would immunize against any kind of legal attack like this -- but Canada doesn't have an easy out like that, which means it's likely that EasyDNS will have to go to court and defend itself using basic common sense on liability, noting that it's just the host and not responsible for the content, and that it would be absolutely insane to hold it liable for the content. Finally, as of this amended complaint, it will have to explain why talking about a lawsuit and filing the public documents related to that lawsuit is not some sort of egregious behavior that deserves "the imposition of punitive damages."

Once again, we're left amazed at how some people assume that anything they don't like online must be illegal, and everyone else must be responsible for it.

from the say-what? dept

This was mentioned briefly in our recent post about EasyDNS changing how it deals with online pharmacies, but it's still dealing with bizarre requests from the City of London Police. As we've been detailing, the City of London Police seem to think that (1) their job is to protect the business model of the legacy entertainment industry and (2) that they can do this globally, despite actually just representing one-square mile and (3) that they can do this entirely based on their own say so, rather than any actual court ruling. It started last year when the City of London Police started ordering registrars to transfer domains to the police based entirely on their say so, rather than any sort of due process/trial that found the sites guilty of violating a law. The police wanted the domains to point to sites that the legacy entertainment industry approved of, which makes you wonder why the police are working on behalf of one particular industry and acting as an ad campaign for them.

Speaking of advertising, the City of London Police's more recent tactic is inserting ridiculous and misleading banner ads on websites based on a secret blacklist that has no oversight and no due process or way to appeal. Such lists often include perfectly legitimate sites. But, I'm sure we can trust the City of London Police to get this right, given that the guy in charge of the City of London Police's Intellectual Property Crime Unit (PIPCU), Adrian Leppard, believes that "the Tor" is 90% of the internet and that "Bitnet" is a "huge risk and threat to our society."

We respectfully request that EASYDNS TECHNOLOGIES, INC. give consideration to your ongoing business relationship with the owners/purchasers of the domain to avoid any future accusations of knowingly facilitating the movement of criminal funds.

Should you require any clarification please do not hesitate to make contact.

As Jeftovic notes, the implication here is pretty clear. The City of London Police wants to "build a case" that EasyDNS is somehow responsible for aiding and abetting criminal activity.

Once again, we are being asked to do (something, we're actually not sure what this time) based entirely on an allegation which has never been tested in a court of law and has been afforded absolutely zero "due process". (The domain in question is a search engine that hosts no content).

[....]

We think this time the intent is not to actually get the domain name taken down, but rather to build some sort of "case" (I won't call it legal, perhaps the better word would be "kafka-esque") that we, easyDNS by mere "Receipt of this email" are now knowingly allowing domains under management to be "used to facilitate criminal activity".

Thus, if we don't takedown the domains PIPCU want us to, when they want us to, then we may face accusations in the future (in their own words) "of knowingly facilitating the movement of criminal funds."

Which of course, we don't know at all because there has never even been a court case anywhere to test the PIPCU allegations. I know I never went to law school or anything, but in my mind, until that happens, that is all they are – allegations.

And, of course, it's tough to see how the City of London Police have any jurisdiction at all over EasyDNS, a Canadian company. Jeftovic goes on to wonder if the City of London Police are actually defaming the websites they accuse in these notices. Of course, the problem is that these sites tend to be small and powerless. As we've seen with sites like Dajaz1 and Rojadirecta, even after they were taken down and businesses were destroyed for over a year before the Justice Department in the US simply dropped the cases and handed back the domain names, there was little those sites could do in response. Sure, they could have filed a lawsuit, but lawsuits are expensive, and a lawsuit for a tiny struggling website against the US government? That's just not likely to get anywhere productive.

What's extra troubling is how this tactic of targeting registrars for non-judicial censorship like this is becoming increasingly common -- and it's happening in countries like the US and the UK which claim to support basic principles of due process and are (supposedly) against prior restraint. When it comes to the City of London Police, they seem to be operating without any sort of controls or oversight, just making it up as they go along. Unfortunately, because they're "the police," it doesn't seem likely that anyone will get them to cut out this censorious and harassing activity.

from the not-an-easy-balance dept

We've written a few times about domain registrar/hosting company EasyDNS, which has been pretty vocal about how law enforcement and industry groups have recently started targeting registrars and hosting comapnies as "the soft underbelly" for censorship and coercive control. While we've covered this issue frequently as it relates to things like copyright, the real ground zero for this may be around online pharmacies. The online pharmacy space is a bit complicated -- because there are really a few different kinds. There are US-based accredited/approved pharmacies, there are overseas accredited/approved online pharmacies... and then there are flat-out rogue pharmacies dealing in illegally obtained or counterfeit medicines. Obviously the last one is in a different category altogether from the first two, but US drug companies like to conflate legal foreign online pharmacies with the rogue ones.

For years, there have been fights over the issue of "gray market" and "re-imported" drugs. The most common case involves Canadian pharmacies, which are perfectly legitimate, selling into the US, but at prices much cheaper than the drug companies would like (undercutting the prices charged by American pharmacies). Fake and dangerous drugs from rogue pharmacies are a real (if relatively small) problem. Legitimate foreign pharmacies selling into the US at cheaper prices are a made up problem by US drug companies. But those US drug companies like to take the "small" problem, and blame it on any non-US pharmacy in an attempt to block out the competition. This has been going on for years, but has ramped up recently.

We've written about how the big drug companies recently got control over the .pharmacy domain, and the indications are that they're planning to use it to block out legitimate foreign pharmacies by arguing that only online pharmacies with a .pharmacy domain are "legit" and then banning legitimate foreign pharmacies from getting the domain. Earlier this year, we also wrote about the lobbying group, the National Association of Boards of Pharmacy, telling registrars that if they complain about a site, it must be taken down.

Mixed in with all of this is the somewhat questionable setup of an operation called "LegitScript," which is an organization that claims to verify which pharmacies are legit. The history of "LegitScript" is extremely sketchy, involving a former White House official who specifically worked to block legitimate Canadian pharmacies from sending drugs to the US, and who then immediately went off to form LegitScript as a competitor to PharmacyChecker -- a similar service that verifies online pharmacies including Canadian pharmacies. Oh, and the "immediately" in the last sentence may be inaccurate as the guy, John Horton, appears to have registered the domain for LegitScript while he was still a federal government employee... Either way, the US pharma industry has worked hard to make LegitScript the standard while pushing back on PharmacyChecker.

Back to EasyDNS: the company has been fighting off these demands to shut down sites repeatedly, saying that it will only do so with a court order. After getting into a fight with the US's Food and Drug Administration (FDA) over demands to take down a bunch of domains, EasyDNS finally agreed to take down a site, after being provided with evidence that it was truly a rogue pharmacy, and someone had died from taking drugs ordered from that site. Because of this EasyDNS has adjusted its policy, saying that if you are selling drugs, you have to prove to EasyDNS that you have a license to do so, or be approved by either LegitScript or PharmacyChecker (meaning that it will allow legitimate foreign pharmacies to exist). EasyDNS is still standing up to bogus requests (including new ones from the City of London Police) to take down websites, but is being more proactive when an online pharmacy has no signs of being legitimate.

While some people complained about EasyDNS's new policy, the company's CEO Mark Jeftovic explained it as follows (after referencing the latest copyright takedown demand from the City of London Police):

So in one case we have people allegedly pirating Honey Boo Boo reruns and on the other we have people dying. We don't know where exactly, but the line goes somewhere in between there.

We have always done summary takedowns on net abuse issues, spam, botnets, malware etc. It seems reasonable that a threat to public health or safety that has been credibly vetted fits in the same bucket.

As a private company we feel within our rights to set limits and boundaries on what kinds of business risk we are willing to take on and under what circumstances. Would we tell the US State Department to go to hell if they wanted us to take down ZeroHedge? Absolutely. Do we want to risk criminally indicted by the FDA because of unregulated drug imports? Not so much.

He also notes, as we did, how Fedex was recently indicted over deliveries from questionable online pharmacies, and notes that it's only a matter of time until criminal charges are filed against a registrar or hosting company as well.

These are not easy decisions for anyone -- though, I have to imagine that truly "rogue" pharmacies are increasingly moving to the darknet and underground markets anyway. However, while some may disagree, there does seem to be a reasonable argument for why a registrar like EasyDNS decides it really doesn't want to be involved with clearly rogue pharmacies.

from the know-your-domain-right dept

When I first got into this business I frequently wondered why the domain-policy mailing lists I was getting involved in attracted a lot of activist types.

Over the years it became apparent to me very quickly, that in an emerging era of global communications and transparency (what Anthony Wile calls "The Internet Reformation") - that "the name" (the domain name) along with the ability to "locate it" (DNS) was a central, all-important "secret sauce" to the entire internet.

But it was only gradually that I became aware that it would take centre stage politically and and become the battleground between forces for liberty, free speech and emerging civil & business models on one hand and entrenched reactionary, authoritarian, cronyist kleptocrats on the other.

Hence those passionate activist types (some of whom I used to tirelessly argue with) were getting so worked up over the high-intensity Orwellianism that they could sense coming somewhere over the event-horizon.

While the co-opting of this marvellous internet into an all pervasive surveillance apparatus is a paramount issue, it is outside the scope of this article. Consider it one side of a dual-pronged approach of modern-era repression and totalitarianism.

The other side of that vice is the DNS and naming system of the internet which is the "choke point", where control can be exerted, censorship implemented and protection rackets flourish.

In a world where news travels over the internet before the traditional media is even aware of it, where non-sanctioned, unofficial sources can audaciously disseminate the truth without central planners massaging, spinning or heavily redacting it; the domain name, or the DNS that powers them is basically the dial tone of the entire global communications medium. Take out a domain or its DNS, you shut down it's voice, it's message or it's economic activity. You make it go away.

Without getting too detailed with the technical specifics (although I'll happily talk the ear off of anybody who asks me about it), the "inverted tree" structure of the DNS naming system distributes power in the following pattern:

The Root < -- ICANN

The Top Level Domains (com, net, org < ---- Verisign, Afilias, Public Interest Registry, Neulevel and soon all the new ones, Donuts, etc)

ICANN is conspicuously absent from curating the interests of global stakeholders within the overall naming scheme. Because of this, US law applies across most of the internet, and in the absence of a concerted effort to address global interests (no, not globalist interests, I mean "also considering interests from outside the USA") there will eventually be a root level net split and won't be pretty (yes, I'm fully aware how crazy that sounds now, I always sound crazy about 5-years in advance.)

At Level 2, the registry operators are themselves, pretty big and pretty bureaucratic - if a vested interest wants to compel them to do something they know they have to get a legal basis to do it, like a court order.

So the soft underbelly of coercive control starts at Level 3, which is rife with myriad third parties falling over each other to "serve" registrars, DNS providers, web hosts and ISPs with various facades of "legalese" designed to baffle unwitting abuse desks into submissive compliance with purely "made up" takedown rationalizations.

If you remember the Simpsons episode where Monty Burns is being committed to a mental institution against his will for becoming inordinately enthralled with the difference between "Ketchup" and "Catsup", he is informed by Chief Wiggum as he is being dragged up the steps to the asylum: "Relax…you've gone off your nut and you're being committed to a mental institution…. those grocery store clerks signed the commitment papers".

That's about the best description there is of today's "takedown request" racket that is overrunning the internet.

Quite literally "some guy", in England or "someplace" (often times in England tho), will email a registrar or a DNS host in some other country entirely and will tell them "Hi! I'm an 'internet investigator' here in some place in some official capacity, and the following domain names are operating in contravention to some laws here. So, uh, take the domains down. Ok?"

And more often than not, the recipient will simply AGREE and just do it.

If they do not comply right away the "official guy somewhere" will tell the recipient that if they do not comply then they are themselves in some sort of legal trouble (or in violation of some contractual obligation which some official guy somewhere is not even a party to) and there will be trouble.

Recipient usually agrees and shuts down the domain. Which, absent some obvious network abuse issue, I find mind-boggling. Some of the letters we get from private, non-governmental, self-appointed "regulatory" bodies with no legal or enforcement powers anywhere on earth contain claims and make leaps of logic which are on par with fantastic narratives spun in Nigerian 419 scams.

That some of the largest ISPs and registrars in the world actually take them seriously and shut down entire businesses on this basis is nothing short of criminally negligent.

But shut down they will. Somebody with a badge out of a box of Cracker Jacks can probably email your registrar right now and tell them to unplug your domain name from the internet and there's a good chance they'll do it.

People may tell me to calm down, because right now the most common targets seem to be "dodgy" websites (like "rogue" pharmacies), but as we've noted elsewhere, the script we laid out in First They Came For The File Sharing Domains is playing out nearly verbatim in the three years hence. And there was an extra-judicial attempt to take out Wikileaks for the crime of egregious truth telling.

Unless there is a court order in the jurisdiction of the Registrar who shuts you down - they CANNOT stop you from transferring your domain out to another Registrar.

That is your basic domain right (notice it's in the singular). It was just upheld by an NAF panel under an ICANN TDRP proceeding.
We're in the process of doing this again right now for another client who had their fully compliant Canadian business, doing business from and in Canada was shut down entirely when literally "some guy in England" emailed their US-based registrar and told them to shut down their domain - which they promptly did, no questions asked (watch our blog as this unfolds).

Hopefully before long Registrars are going to wake up and realize that Chief Wiggum can't compel them to take down, hijack and lock your domain name unless he has a court order from some place other than Springfield.

from the that's-not-how-it-works dept

This is incredible. Just yesterday we wrote about how EasyDNS won its arbitration case, saying that a registrar cannot takedown and block the transfer of a domain name just on the say so of law enforcement or anyone else not carrying a court order. And, the very next day, EasyDNS is reporting on an absurd letter it has received from the National Association of Boards of Pharmacy, which argues exactly the opposite of what the arbitration panel told EasyDNS.

Incredibly, it says that if it complains about a domain, the registrar must take it down:

"Upon receipt of an abuse notification, some Registrars claim that a court order is required or that they are not violating the laws of the Registrar’s country. Both assertions are wrong."

Except, as EasyDNS points out, the arbitration ruling says that it's the NABP that's wrong, and that a court order is required. Similarly, the NABP claims that registrars must freeze the domains, even without a court order.

You should not allow domain names engaged in the illegal sale or distribution to transfer to another Registrar: the question of legality does not relate to where the Registrar is located, but rather to the activity of the Web site.

But, again, the arbitration ruling, which merely read from ICANN's own rules, says the exact opposite -- noting that you clearly need a court order

The NABP also tries the same direct misreading of ICANN's rules that Public Domain Registry used, to pretend that "fraud" is a reason to deny transfer, but as the arbitration ruling found, that claim is simply incorrect. The "fraud" referenced in the rules is only fraud concerning transfers not fraud in terms of what the website was used for.

There's much more in the letter as well. There is some history here. The NABP is basically an organization designed to artificially inflate the price of drugs in the US, cynically using highly questionable claims to pretend that they're focused on "public safety." For years, the NABP has worked hard to keep legitimate but cheaper versions of drugs outside the US, so that US pharmacies (and the drug companies they work with) can charge increasingly insane prices for drugs. Because they can use the specter of "fake drugs killing people!" they're able to do all sorts of nasty attacks on foreign pharmacies that are selling perfectly legitimate drugs to willing buyers, by claiming that they put people's lives at risk.

And, now, it appears they're going even further in trying to basically create a "SOPA-like" setup, whereby registrars are required to pull down any domain based solely on NABP's say so without any judicial review at all. The fact that this is happening at the same time that City of London Police are doing the same exact thing (at the urging of the legacy music/movie industries) isn't an accident. While the supporters of SOPA insist that there's no new legislation coming, they're all trying to do an end run around all of it, creating something that's even more extreme than SOPA by getting registrars to simply kill sites they don't like based on nothing but a complaint.

EasyDNS's Mark Jeftovic says it all in his blog post about it, noting that this is why they fought back against COICA/SOPA/PIPA:

It really is getting creepy out there.

We now know that we live in a total surveillance society, governments are printing money, going broke, manufacturing consent and lying about nearly everything; while quasi-governmental agencies all over the world are now asserting they have the authority to overturn legal process and basically dictate everybody else's business.

Who will be the next batch of clowns who tell us they can use liberally interpreted language in a couple of agreements that they aren't even party to to compel us to takedown your website? Let's start a betting pool.

This is why pushing back and standing up for internet freedom is so important. The attempts to control, to censor, to block and to silence are only increasing. The legacy players who can't stand competition or innovation are looking for any way to hold back the future, and that means attacking the public's ability to make use of the internet and to speak freely.

from the due-process-matters dept

Last fall, we noted that the City of London Police, who had just set up a special "intellectual property crime unit" which appeared to be taking orders directly from Hollywood, had issued bizarre orders to registrars, based on no court order or ruling, that they hand over domain names to the police, point them to a splash page that advertised Hollywood-approved businesses, and block the transfer of those domains to anyone else. A bunch of registrars actually did this, despite the lack of a court order or ruling of any kind. Just because the City of London Police said so. The only registrar who apparently resisted was EasyDNS, who pointed out that there's such a thing called due process. Furthermore, EasyDNS pointed out that the registrars who complied with the order almost certainly violated ICANN policies for registrars, which has a very specific set of conditions under which a registrar can freeze a whois record, none of which include "because some Hollywood-controlled police force says so."

The owners of at least one of the frozen domains sought to then (smartly) move the domain to EasyDNS, who would actually protect them. EasyDNS went to Verisign with a "request for enforcement" against the registrar who froze the whois, the incredibly misnamed "Public Domain Registry." For reasons that make no sense at all, Verisign responded with a "no decision."

No court order has been issued which would prohibit the transfer of the domain names at issue from the Registrar of Record to the Gaining Registrar. Therefore, there is nothing in the Transfer Policy which authorizes the Registrar of Record to refuse to transfer the domain names.

The ruling notes that while one may think it makes sense to obey a request from the police, "the Transfer Policy is unambiguous in requiring a court order before a Registrar of Record may deny a request to transfer a domain name." It further notes, correctly, the nature and importance of due process, as without it, abuse is too easy:

To permit a registrar of record to withhold the transfer of a domain based on the
suspicion of a law enforcement agency, without the intervention of a judicial body,
opens the possibility for abuse by agencies far less reputable than the City of London
Police. Presumably, the provision in the Transfer Policy requiring a court order is based
on the reasonable assumption that the intervention of a court and judicial decree
ensures that the restriction on the transfer of a domain name has some basis of “due
process” associated with it.

Public Domain Registry tried to defend itself, by arguing that it could freeze the domains because "their involvement in fraudulent activity." However, the arbitration ruling says both that this is wrong and a total misreading of ICANN's transfer policy. It's wrong in that no one has actually presented any evidence of fraudulent activity, and because the sites being used for fraudulent activity is not one of the reasons why a registrar can block a transfer.

The Registrar of Record argued that a basis for withholding the transfer of
the domain names was their involvement in fraudulent activity. The Response stated
that the three domain names “were involved in criminal distribution of copyrighted
material directly or indirectly and are liable to prosecution under UK law which serves as
evidence of fraud” under the Transfer Policy. First, the Registrar of Record’s assertion
is not correct as the London Police Request does not state that it has evidence of fraud.
The Registrar of Record apparently contacted the London Police, as the Registrar
states that the London Police have “agreed to answer any and all questions that might
arise with regards to these domain names.”

Second, the reference to “evidence of fraud” in the Transfer Policy does not refer to
fraudulent conduct by the holder of the domain name, but evidence of fraud with respect
to the transfer of that domain name

Kudos to Mark Jeftovic and EasyDNS for fighting for basic due process. If you're looking for a DNS provider or registrar, they seem like a good one, who is willing to actually stand up for their users' rights and basic concepts like due process. If you're looking for a registrar to avoid, Public Domain Registry immediately goes to the top of the list, for not only failing to comprehend the official transfer policies it is bound to uphold, but for not even remotely caring about basic due process, and being willing to lock down domains despite absolutely no judicial review.

from the a-decision-of-no-decision? dept

Back in October, we wrote about the absolutely ludicrous situation in which the City of London Police ordered registrars to take down a bunch of websites and point them to a page designated by the police (which pointed to some commercial services in London). There was no court order. There was no court involved at all. No one had been charged, sued, tried or anything. Just the City of London Police, their brand new "Intellectual Property Crime Unit" (set up at the urging of the RIAA), and a demand that the website domains be yanked and that the registrars bar them from being transferred out. While some registrars, such as the incredibly misnamed "Public Domain Registry," caved immediately to the completely bogus request, EasyDNS strongly and publicly refused (telling the police to come back with a court order) while also questioning (1) whatever happened to due process and (2) how any registrar could do this when it clearly violated ICANN's policy on transferring domain names.

Given this, EasyDNS went even further and filed a "request for enforcement" against Public Domain Registry, for locking the domains from being transferred out (and to EasyDNS). As EasyDNS notes, PDR's decision to lock the domains, despite being asked to do so by the police, violated ICANN's policies. ICANN's policies are pretty straightforward: the only times a registrar can deny a transfer-out request is in a few specific cases. And "asked by random police" isn't one. Instead there's "court order by a court of competent jurisdiction." But, again, there's been no court order.

Given this, the fact that PDR is denying to transfer the domains to EasyDNS it seems like an open and shut case that PDR is violating the rules. Verisign, which oversees all of this, should have made quick work of this in telling PDR to get on with the transfers. Instead... it totally punted, issuing one of the most bizarre statements you can imagine:

Please be advised that Verisign has completed its review of Request for Enforcement Case # 45337 and has rendered a decision of No Decision.

REASON FOR DECISION: Pursuant to Section 3.3.4 of the Registrar Transfer Dispute Resolution Policy, the data provided by the Respondent is inconclusive as to the issues presented.

Got that? Verisign reviewed everything and it's issued its decision, which is no decision. How very Abbott and Costello of them. Furthermore, the "reason" is even more bizarre. Basically, PDR -- the registry accused of violating the rules -- did not provide sufficient data. Huh? That's like saying that someone charged with a crime automatically gets off if they don't provide the evidence against themselves, no matter what evidence the police have.

From here, it appears the process was:

EasyDNS: Here's our request for enforcement with lots of evidence that PDR folded like a cheap card table when some power hungry police force told them to shut down sites and block transfers despite no court order. This violates ICANN's transfer rules.

Verisign: PDR, what happened?

PDR Hmm?

Verisign: Well, EasyDNS, we are issuing a no decision decision, because PDR's answer is inconclusive.

EasyDNS is going to continue to push the matter, however, because it notes the dangerous consequences of Verisign's ridiculous non-decision.

We feel we have an obligation to push this to an appeal now, because otherwise it means that Registrars can arbitrarily slam the doors on outbound transfers, ignore any enforcement requests from the registry and then be granted decisions of "no decisions", thus allowing them to simply keep the domains hostage.

from the not-how-it-works dept

We recently wrote about the City of London Police ordering various registrars to shut down a list of websites based on the City of London Police themselves deciding they must be illegal. That is, without a court order or any judicial oversight, the police just decided the sites were illegal and needed to be taken offline. On top of that, the police force's new "IP Crime Unit" threatened registrars that if they didn't obey, then they might lose their accreditation from ICANN. This was based on a total misreading of both copyright law and ICANN's rules.

In fact, Mark Jeftovic, the head of EasyDNS, the one registrar that appears to have both refused the City of London Police's demand and also spoken out publicly about this terrible attack on due process, is now noting that all of the other registrars who complied with the orders are almost certainly in violation of ICANN's policiesbecause they obeyed the police. The main issue is that part of the demand from the police was that the registrar not only redirect the site to a propaganda page, but that it also "freeze the whois record" to block any further changes.

But, as Jeftovic points out, ICANN has very specific rules about these things, and because some random police force demands it is not an approved reason to do such a thing:

Since there were no charges against any of the domains and no court orders, it may be at the registrars' discretion to play ball with these ridiculous demands. However – what they clearly cannot do now, is prevent any of those domain holders from simply transferring out their names to more clueful, less wimpy registrars.

Section 3, Obligations of The Registrar of Record clearly spells out the reasons why a registrar may deny a transfer-out request, and they are limited specifically to cases of fraud (the domain was paid for fraudulently), a UDRP proceeding or, hey, get this one "Court order by a court of competent jurisdiction", as well as some administrative reasons (like the domain was registered less than 60 days ago).

What is conspicuously absent from the list of reasons why a registrar that actually complied with this lunacy can now deny a transfer-out request is "because some guy sent you an email telling you to lock it down".

Jeftovic further notes that the registrars who folded upon receiving the police threat have now opened themselves up to significant liability problems, because the sites that got taken down can respond via the Transfer Dispute Resolution Policy (TDRP), which could mean that the registrars will have to pay "substantial" fees for blocking the transfer without a valid basis.

It certainly would be interesting to see the full list of sites the City of London Police decided to censor, as well as who the various registrars are, and how they reacted. While such a list doesn't appear to be out yet, I imagine it's only a matter of time.

from the due-process-matters dept

Just a few months ago, the City of London Police announced that it had set up a special " Intellectual Property Crime Unit" -- which was immediately, and gleefully, welcomed by the legacy record labels. The whole thing seemed fairly bizarre, given that copyright should generally be a civil issue, and even when it's a criminal issue, at best it should be a federal issue, not a local police issue -- especially when you have local police who almost certainly don't understand the basic nuances of copyright issues. However, in what appears to be an effort to justify their existence, the City of London IP Crimes Unit has jumped into the deep end without looking. Beyond quickly arresting some folks, this week they demanded that EasyDNS take down a website for a BitTorrent search engine, claiming copyright infringement, based on their claims alone.

They did not present a court order. They did not present a conviction. They just told EasyDNS to do it -- and (worse) threatened EasyDNS with punishment for not obeying, claiming (falsely) that it could lose its accreditation as a domain registrar. EasyDNS's Mark Jeftovic, who is incredibly well-versed in these issues (having spoken out previously on bogus domain name seizures) posted a fantastic response, which we're going to post at length. There's more than this, but it's worth reading the whole thing.

Who decides what is illegal? What makes somebody a criminal? Given that the subtext of the request contains a threat to refer the matter to ICANN if we don't play along, this is a non-trivial question. Correct me if I'm wrong, but I always thought it was something that gets decided in a court oflaw, as opposed to "some guy on the internet" sending emails. While that's plenty reason enough for some registrars to take down domain names, it doesn't fly here.

We have an obligation to our customers and we are bound by our Registrar Accreditation Agreements not to make arbitrary changes to our customers settings without a valid FOA (Form of Authorization). To supersede that we need a legal basis. To get a legal basis something has to happen in court.

The request also suggests we look at the whois contact information for the domain (which looks perfectly valid) and go ahead and suspend the domain based on invalid whois data. Again, there's a process for that, you have to go through the ICANN Whois Inaccuracy Complaint process and most of the time that doesn't result in a takedown anyway.

What gets me about all of this is that the largest, most egregious perpetrators of online criminal activity right now are our own governments, spying on their own citizens, illegally wiretapping our own private communications and nobody cares, nobody will answer for it, it's just an out-of-scope conversation that is expected to blend into the overall background malaise of our ever increasing serfdom.

If I can't make various governments and law enforcement agencies get warrants or court orders before they crack my private communications then I can at least require a court order before I takedown my own customer.

Furthermore, Jeftovic notes that the police ordered him to redirect all of the traffic to a different site that promotes some content services that the entertainment industry likes, and noted that this was a fairly obscene form of intimidation for the sake of local protectionism of favored industry players:

In other words, they are ordering us to take down competing websites, with no legal basis, hijacking the traffic, and redirecting it to competing commercial services, all of which are based out of (guess where?) London, UK.

This whole thing is fairly stunning, and Jeftovic even suggests he wasn't sure it was real at first, though the headers from the email suggest that it's legit. Furthermore, it appears that this was not a one-off situation. TorrentFreak is reporting that the City of London Police sent out a bunch of these letters to various registrars, targeting a variety of sites -- with no evidence that there's a court order, or indeed any court case at all, with all of them. And while EasyDNS isn't complying, it appears that many other registrars did get intimidated into shutting down these sites.

The thuggish behavior and lack of due process isn't that surprising. Combine a "respect my authority" law enforcement mentality, with people who don't have much (or any) experience with the nuances (or history or purpose) of intellectual property issues, and you're going to get this kind of overreaction. Add to that the likelihood that the legacy industry helped provide the extreme (and wrong and misleading) version of copyright law, and is it any wonder that the police seemed to just start demanding websites be pulled down willy nilly just because the police think they're illegal?

If you only were to hear the legacy movie studios' and record labels' version of things, copyright is about establishing their very important business model, and anything that threatens that must be illegal. If you see a service that enables some form of infringement, well, that must be illegal, too, right? Of course, they won't realize that copyright is not about establishing a business model for those gatekeepers, that blaming tools & services for the actions of their users is a recipe for killing innovation, and (most importantly) that these things are rarely black and white. And that's why you have due process.

The City of London IP Crime Unit has only been around for a little over three months. One hopes that they'll actually learn something before pulling these kinds of censorious, abusive and thuggish stunts in the future. And, while we're at it, it seems reasonable to call for shutting down the whole unit in the first place. IP crimes are not an issue for an ignorant metropolitan police force. The unit never should have been set up in the first place, and this little cowboy censorship action highlights why the unit deserves to be quickly retired.